def update_user(org_uuid, uuid):
admin_uuid = get_jwt_identity()
if admin_uuid == uuid:
return abort(make_response(jsonify(message="Cannot update self"), 409))
user_role = organization_roles.get_organization_role(org_uuid, uuid)
user = users.get_by_uuid(uuid)
if user is None or user_role is None:
return abort(make_response(jsonify(message="Not found"), 404))
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
role = data.get("role", user_role["role"])
if role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
organization_roles.set_organization_role(org_uuid, uuid, role)
return (
jsonify(
{
"uuid": user["uuid"],
"username": user["username"],
"email": user["email"],
"role": role,
"activated": user["activated"] is not None,
}
),
200,
)
def activate_user():
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", "").lstrip().rstrip().lower()
activation_key = data.get("activation_key", None)
password = data.get("password", None)
password_confirmation = data.get("password_confirmation", None)
if not email or not is_email(email):
return abort(
make_response(jsonify(message="Missing or bad email"), 400))
if not password:
return abort(make_response(jsonify(message="Missing password"), 400))
if not activation_key:
return abort(
make_response(jsonify(message="Missing activation_key"), 400))
if password != password_confirmation:
return abort(
make_response(jsonify(message="Passwords do not match"), 400))
existing = users.get_by_email(email)
if not existing:
return abort(make_response(jsonify(message="Cannot activate"), 400))
if existing["activated"] is not None:
return abort(make_response(jsonify(message="Already activated"), 409))
if (hashlib.sha256(str(activation_key).encode("utf-8")).hexdigest() !=
existing["activation_key_hash"]):
return abort(make_response(jsonify(message="Cannot activate"), 400))
if existing["activation_key_expires"] < datetime.now().astimezone():
return abort(
make_response(jsonify(message="Activation key expired"), 400))
memberships = organization_roles.get_by_user_uuid(existing["uuid"])
if len(memberships) == 0:
orguuid = guid.uuid4()
organizations.add_organization(uuid=orguuid,
name="Default organization")
organization_roles.set_organization_role(orguuid, existing["uuid"],
"admin")
pwd_hash = bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt())
users.update_user(
uuid=existing["uuid"],
activated=datetime.now().astimezone(),
providers=["local"],
providers_data={},
)
local_users.add_local_user(
user_uuid=existing["uuid"],
pwd_hash=pwd_hash.decode("utf8"),
force_pwd_change=False,
)
return "", 204
def create_organization():
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
name = data.get("name")
if not name:
return abort(make_response(jsonify(message="Missing name"), 400))
uuid = guid.uuid4()
user = get_current_user()
name = name.lstrip().rstrip()
organizations.add_organization(uuid=uuid, name=name)
organization_roles.set_organization_role(uuid, user["uuid"], "admin")
return jsonify({"uuid": uuid, "name": name}), 201
def activate_user(email, activation_key, password, password_confirmation):
try:
validate_email(email, check_deliverability=False)
except EmailNotValidError as e:
return {"activated": False, "message": f"Email not valid: {e}"}
if not password:
return {"activated": False, "message": "Missing password"}
if not activation_key:
return {"activated": False, "message": "Missing activation_key"}
if password != password_confirmation:
return {"activated": False, "message": "Passwords do not match"}
existing = users.get_by_email(email)
if not existing:
return {"activated": False, "message": "Cannot activate"}
if existing["activated"] is not None:
return {
"activated": False,
"already_activated": True,
"message": "Already activated",
}
if (hashlib.sha256(str(activation_key).encode("utf-8")).hexdigest() !=
existing["activation_key_hash"]):
return {"activated": False, "message": "Cannot activate"}
if existing["activation_key_expires"] < datetime.now().astimezone():
return {"activated": False, "message": "Activation key expired"}
memberships = organization_roles.get_by_user_uuid(existing["uuid"])
if len(memberships) == 0:
orguuid = guid.uuid4()
organizations.add_organization(uuid=orguuid,
name="Default organization")
organization_roles.set_organization_role(orguuid, existing["uuid"],
"admin")
pwd_hash = bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt())
users.update_user(
uuid=existing["uuid"],
activated=datetime.now().astimezone(),
providers=["local"],
providers_data={},
)
local_users.add_local_user(
user_uuid=existing["uuid"],
pwd_hash=pwd_hash.decode("utf8"),
force_pwd_change=False,
)
return {"activated": True, "user_uuid": existing["uuid"]}
def add_user_to_org(org_uuid):
user_uuid = request.json.get("uuid")
org_role = request.json.get("role")
user = users.get_by_uuid(user_uuid)
if not user:
return make_response("User does not exist", 400)
if not organizations.get_by_uuid(org_uuid):
return make_response("Organization does not exist", 400)
if organization_roles.get_organization_role(org_uuid,
user_uuid) is not None:
return make_response("User is already in organization", 400)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
return make_response("", 200)
def add_user_to_org(org_uuid):
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", None)
org_role = data.get("role", None)
if not email or not org_role:
return abort(make_response(jsonify(message="Missing email"), 400))
if org_role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
email = email.lstrip().rstrip().lower()
if not is_email(email):
return abort(make_response(jsonify(message="Invalid email"), 400))
existing = users.get_by_email(email)
# completely new user
if existing is None:
user_uuid = guid.uuid4()
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.add_user(
uuid=user_uuid,
email=email,
username=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
else:
user_uuid = existing.get("uuid", None)
# an activated account that already has a role in this organization
if (
organization_roles.get_organization_role(org_uuid, user_uuid)
and existing["activated"]
):
return abort(make_response(jsonify(message="User already exists"), 409))
# an account that is not activated but has already been sent an invite
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.update_user(
uuid=user_uuid,
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
organization = organizations.get_by_uuid(org_uuid)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
if existing is None or existing["activated"] is None:
send_mail.delay(
[email],
"REGISTRATION_VERIFICATION_EMAIL",
{
"activation_key": activation_key,
"activation_key_expires": int(activation_key_expires.timestamp()),
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
else:
send_mail.delay(
[email],
"ORGANIZATION_INVITATION",
{
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return (
jsonify(
{
"uuid": str(user_uuid),
"username": existing["username"] if existing else email,
"email": email,
"role": org_role,
"activated": existing["activated"] is not None if existing else False,
}
),
201,
)